Pennington County, South Dakota, Closes Public Offices July 6 After Cybersecurity Incident Ahead of July 28 Runoff Election
- Offices Closed: Most Pennington County public-facing offices will be closed July 6 as officials respond to a cybersecurity incident affecting parts of the network.
- Critical Services Active: Services that remain fully operational include the 911 dispatch, court operations, and the 24/7 Program.
- Source Not Confirmed: The county did not disclose whether the source of the disruption ahead of the July 28 runoff election was a ransomware attack.
Pennington County, based in Rapid City, South Dakota, is responding to a cybersecurity incident that has affected parts of its network. County officials said the closures will let staff assess the situation and safely restore affected systems. As of Sunday afternoon, a county spokesperson said officials were still working to determine the full scope of the incident, and the investigation remains active.
Because the probe is ongoing, officials said they have limited verified information available and expect to issue their next public update by 11 a.m. Monday.
911, Jail, and Court Operations Unaffected by South Dakota Network Breach
Notably, the incident falls within an active election period: the Pennington County Auditor's Office will remain open Monday from 7 a.m. to 4 p.m. for in-person absentee ballot voting ahead of the July 28 run-off election.
Essential public safety functions continue uninterrupted, reports say, including:
- 911 dispatch,
- the county jail,
- the Juvenile Services Center,
- the Care Campus,
- Court operations,
- Early voting at the Pennington County Auditor’s Office,
- the 24/7 Program.
The Treasurer's Office will not process in-person transactions, but vehicle registration remains available online at my605drive.sd.gov or via self-service kiosks. Residents relying on county services Monday should expect delays for non-critical, in-person transactions and should check official county channels before visiting closed offices.
CISA and National Guard Join Pennington County Investigation
The county is working with the South Dakota National Guard Cyber Incident Response Team, the South Dakota Fusion Center, and the Cybersecurity and Infrastructure Security Agency (CISA).
Several U.S. municipalities announced cyber incidents or were listed on threat actor leak sites this year. Last week, INC Ransom added the City of Acworth and the City of Oak Park to its dark web data leak site.
A Foster City ransomware attack disrupted non-emergency operations, Cocoa City issued an emergency declaration related to INC Ransom, and a New Britain City Hall network disruption took systems offline.





